DETAILED ACTION

Claims 1-64 are pending in this application. 

Re-opening Prosecution 

In view of the Appeal Brief filed on August 25, 2007, PROSECUTION IS HEREBY
REOPENED. A new ground of rejection is set forth below.

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) request reinstatement of the appeal. 

If reinstatement of the appeal is requested, such request must be accompanied by a 
supplemental appeal brief, but no new amendments, affidavits (37 CFR 1.130, 1.131 or 1.132) or 
other evidence are permitted. See 37 CFR 1.193(b)(2). 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 7, 41 and 52 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Regarding claims 7, 41 and 52, the phrase "others" renders the claim(s) indefinite 
because it is unclear which one of the plurality of clients the term is referring to, thereby 
rendering the scope of the claim(s) unascertainable. See MPEP § 2173.05(d). 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1. Claims 1-5, 7-12, 17-22, 24, 27-29, 31-33, 35-39, 45-55, 57 and 61 are rejected under 35
U.S.C. 103(a) as being unpatentable over Stockwell et al. (hereinafter Stockwell, US 5,950,195)
in view of Elliot (US 7,145,898 B1).

As per claim 1, Stockwell discloses a system comprising one or more client computers
connected to the Internet by client premises equipment serving a routing function for client
computers (fig. 1: the computers connected to internal network, col. 4 L21-42: a firewall
gateway), a method for managing Internet access based on a specified access policy (col. 1 L5-10,
col. 3 L16-54, col. 5 L16-22: access policies), the method comprising:

a challenge/response sequence for determining whether a given client computer is in
compliance with said specified access policy (col. 5 L16 to col. 6 L67, col. 9 L1-60);

blocking Internet access for any client computer that does not respond appropriately to
said challenge (col. 5 L16 to col. 6 L67, col. 9 L1-60: blocking the Internet access by dropping
the connection, col. 11 L5-67).

However, Stockwell does not explicitly disclose the process of transmitting a challenge 
from said client premises equipment to each client computer and transmitting a response from at 
least one client computer back to said client premises equipment for responding to challenge that 
has been issued (Note: Even though the limitations are obvious in Stockwell, Elliot is relied upon 
for teaching these limitations). 

Elliot explicitly discloses an Internet access device that performs the process of 
transmitting a challenge from said client premises equipment to each client computer and 
transmitting a response from at least one client computer back to said client premises equipment 
for responding to challenge that has been issued (col. 265 L46 to col. 266 L60: Internet Access 
Device transmitting challenge and receiving response from client computer). 

Therefore it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Stockwell (if necessary) in view of Elliot in order to transmit a
challenge to the client computer and receive a response to the challenge.

One of ordinary skill in the art would have been motivated because it would have
authenticated the user and/or connection (See Stockwell: col. 9 L1-60, Elliot: col. 265 L46 to col.
266 L60).

As per claim 2, Stockwell discloses the process wherein a client computer that does not
respond at all is blocked from Internet access (col. 5 L16 to col. 6 L67, col. 9 L1-60: blocking
the Internet access by dropping the connection; it's also obvious that if the client doesn't respond
to the username/pswd prompt, the client will not be allowed to access the Internet).

As per claim 3, Stockwell discloses the process wherein a client computer that responds
with a particular predefined code indicating non-compliance is blocked from Internet access (i.e.
invalid response, col. 5 L16 to col. 6 L67, col. 9 L1-60: it's obvious that if client responds to the
challenge with incorrect information or code, the client will be blocked or not allowed to access
the Internet).

As per claim 4, Stockwell discloses the process wherein a client computer that responds
with a particular predefined code indicating compliance is permitted Internet access (col. 5 L16
to col. 6 L67, col. 9 L1-60).

As per claim 5, Stockwell discloses the process wherein before a receipt of a challenge, 
transmitting an initial message from a particular client computer to the client premises equipment 
for requesting the client premises equipment to transmit a challenge to that particular client 
computer (i.e. transmitting an initial connection request message that enables the firewall to send 
the challenge, col. 5 L53 to col. 6 L67, col. 8 L38 to col. 9 L60, col. 14 L5-55). 

As per claim 7, Stockwell discloses the process wherein client premises equipment is 
capable of permitting Internet access by selected client computers and denying access to other 
client computers (col. 10 L12 to col. 11 L46, col. 11 L47 to col. 13 L67: several examples of
ACLs, col. 8 L38-45).

As per claim 8, Stockwell discloses the process wherein access policy specifies rules that
govern Internet access by the client computers (fig. 5, col. 1 L40 to col. 2 L67, col. 5 L16-46, col.
6 L46 to col. 7 L67, col. 10 L12 to col. 11 L67).

As per claim 9, Stockwell discloses the process of determining whether permitting 
Internet access for a given client computer would violate any of rules and if permitting such 
Internet access would violate any of said rule, denying Internet access for that client computer 
(fig. 5, col. 1 L40 to col. 2 L67, col. 5 L16-46, col. 6 L46 to col. 7 L67, col. 10 L12 to col. 11
L67: it's obvious that this determination will be made in order to deny or allow the Internet
access).

As per claim 10, Stockwell discloses the process wherein access policy includes rules that
are enforced against selected ones of users, computers and groups thereof (col. 10 L12 to col. 11
L67).

As per claim 11, Stockwell discloses the process wherein said access policy specifies
which applications are allowed Internet access (col. 5 L16-22, col. 7 L1-45, col. 8 L20-30: ftp
and http type of accesses, col. 10 L12-67: Matching criteria for rule including: a list of service
names such as ftp or http, in other words, a list of applications).

As per claim 12, Stockwell discloses the process wherein said access policy specifies
applications that are allowed Internet access (col. 5 L16-22, col. 7 L1-45, col. 8 L20-30: ftp and
http type of accesses, col. 10 L12-67: Matching criteria for rule including: a list of service names
such as ftp or http, in other words, a list of applications).

As per claim 17, Stockwell discloses the process wherein said access policy specifies
Internet access activities that are permitted or restricted for applications or version thereof (col. 5
L16-22, col. 7 L1-45, col. 8 L20-30: for http, types of URLs blocked, col. 10 L12-67, col. 11
L35-41, col. 14 L13-24).

As per claim 18, Stockwell discloses the process wherein said access policy specifies 
rules that are transmitted to client computers from a remote location (col. 8 L38 to col. 9 L60, 
col. 11 L5-67). 

As per claim 19, Stockwell discloses the process wherein the remote location comprises a
centralized location for maintaining said access policy (col. 5 L35-46, col. 7 L1-67, col. 8 L38 to
col. 9 L60, col. 11 L5-67: a relational database).

As per claim 20, Stockwell discloses the process wherein the process of blocking Internet
access includes determining, based on identification of a particular client computer or group
thereof, a specific subset of rules filtered for that particular client computer or group thereof (col.
5 L16 to col. 6 L67, col. 7 L1-67, col. 8 L38 to col. 9 L1-60, col. 10 L12 to col. 11 L67, col. 13
L11 to col. 14 L55).

As per claim 21, Stockwell discloses the process wherein challenge includes a request for
a particular client computer to respond as to whether it is in compliance with said access policy
(col. 5 L16 to col. 6 L67, col. 9 L1-60).

As per claim 22, Stockwell discloses the process of redirecting a client computer that is
not in compliance with said access policy to a sandbox server (i.e. a server, col. 7 L45 to col. 8
L20, col. 11 L5 to col. 12 L44) and informing client computer that it is not in compliance with
said access policy (col. 9 L1 to col. 10 L8: sending a warning message to the client in response to
denied connection).

As per claim 46, Stockwell discloses the system wherein said client premises equipment 
includes a router (col. 4 L8-42). 

As per claim 47, Stockwell discloses the system wherein said access policy is provided at
client computer to be regulated (col. 3 L18-54, col. 5 L16-67).

As per claim 48, Stockwell discloses the system wherein enforcement module is provided
at client premises equipment (fig. 2, col. 4 L21-42, col. 5 L16-67).

As per claims 24, 27-29, 31-33, 35-39, 45, 49-55, 57, 61, they do not teach or further 
define over the limitations 1-5, 7-12, 17-22, 46-48. Therefore claims 24, 27-29, 31-33, 35-39, 45, 
49-55, 57, 61 are rejected for the same reasons as set forth in claims 1-5, 7-12, 17-22, 46-48. 

2. Claims 6 and 30 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Stockwell et al. (hereinafter Stockwell, US 5,950,195) in view of Elliot (US 7,145,898 B1), and
further in view of Kadyk et al. (hereinafter Kadyk, US 6,996,841 B2).

As per claim 6, Stockwell in view of Elliot does not disclose the process wherein the
initial message comprises a "client hello" packet.

Kadyk explicitly discloses the process of sending the "client hello" packet to the server
(fig. 3A, col. 10 L20-52).

Therefore it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Stockwell in view of Elliot and further in view of Kadyk in
order to send a client hello packet.



Application/Control Number: 09/944,057 Page 9 

Art Unit: 2151 

One of ordinary skill in the art would have been motivated because it would have
created a secured session (col. 10 L20-52).

As per claim 30, it does not teach or further define over the limitations in claim 6. 
Therefore claim 30 is rejected for the same reasons as set forth in claim 6. 

3. Claims 13-16, 34, 42-44, 56 and 58-60 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Stockwell et al. (hereinafter Stockwell, US 5,950,195) in view of Elliot (US
7,145,898 B1), and further in view of "Official Notice".

As per claim 13, Stockwell in view of Elliot discloses the process wherein the applications
are specified by executable name (col. 13 L10-67, col. 12 L10-67).

However, Stockwell in view of Elliot does not disclose the process wherein the 
applications are specified by version number. 

But, application name and the version number are two common parameters used in the art 
for identifying applications. 

Therefore, Official Notice is taken to indicate that specifying the applications by 
executable name and version number is well known in the art. 

As such, it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Stockwell and Elliot in order to use the executable name and
version number of the applications.

One of ordinary skill in the art would have been motivated because these are common
parameters used for identifying the applications.

As per claims 14-16, Stockwell in view of Elliot does not disclose the process wherein
the applications are specified by digital signatures, wherein the digital signatures are computed 
using cryptographic hash, and wherein the cryptographic hash comprises one of Secure Hash 
algorithm (SHA-1) and MD5 cryptographic hashes. 

But, Secure Hash algorithm (SHA-1) and MD5 cryptographic hashes, digital signatures 
are all well known in the art, as explicitly admitted by the applicant (see specification, pg. 29 
lines 14-31, pg. 10 lines 24-41). 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Stockwell and Elliot in order to specify the applications using
hashing techniques.

One of ordinary skill in the art would have been motivated because it would have
provided secure communications.

As per claims 34, 42-44, 56 and 58-60, they do not teach or further define over the 
limitations in claims 13-16. Therefore, claims 34, 42-44, 56 and 58-60 are rejected for the same 
reasons as set forth in claims 13-16. 

4. Claims 23, 25, 26, 40, 41 and 62-64 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Stockwell et al. (hereinafter Stockwell, US 5,950,195) in view of Elliot (US
7,145,898 B1), and further in view of Shrader et al. (hereinafter Shrader, US 6,026,440).

As per claim 23, Stockwell in view of Elliot discloses the process of redirecting the client
computer that is not in compliance with said access policy to a particular port on the sandbox
server (i.e. an alternate machine or server, col. 7 L45 to col. 8 L20, col. 11 L5 to col. 12 L44).

However, Stockwell in view of Elliot does not disclose the process of displaying error
message pages on the sandbox server in response to communications on particular ports.

Shrader explicitly discloses the process of displaying error messages on a server if the 
request fails (col. 4 L40-67, obviously the request will fail on a particular machine or port, in this 
case at the web server port). 

Therefore it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Stockwell in view of Elliot and further in view of Shrader in
order to display the error messages on the sandbox server or alternate server.

One of ordinary skill in the art would have been motivated because it would have
notified the client computer of the denial of the service (Shrader, col. 4 L56-67). It would have
also improved the router's performance by redirecting the unauthorized client computers to
alternate server.

As per claim 26, Stockwell in view of Elliot does not disclose the process wherein after 
displaying error message, permitting said client to elect to access the Internet. 

Shrader discloses the process of displaying the error in response to inappropriate
credentials and allowing the client to elect or to access the Internet by prompting the user (col. 4
L56-67).

Therefore it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to modify Stockwell in view of Elliot and further in view of Shrader in
order to enable the client to elect to access the Internet.

One of ordinary skill in the art would have been motivated because it would have
provided the client computer another opportunity to access the Internet.

As per claims 25, 40, 41 and 62-64, they do not teach or further define over the
limitations in claims 23 and 26. Therefore claims 25, 40, 41 and 62-64 are rejected for the same
reasons as set forth in claims 23 and 26.

Additional References 
The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. RFC 1321: MD5 Cryptographic algorithm. 

b. Davis et al., US 6,088,450: Authentication System based on periodic 
challenge/response protocol. 

c. Abraham et al., US 5,983,270: Method and Apparatus for Managing Internetwork
and Intranetwork activity: A Router and/or Firewall for managing Internet Access.

d. Nykanen et al., US 6,594,483: discloses using the application names for 
identifying purposes. 

e. Hammond, US 5,974,470: discloses using the version number for applications in 
setting rules. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to KAMAL B. DIVECHA whose telephone number is 571-272-5863.
The examiner can normally be reached on Increased Flex Work Schedule.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Kamal Divecha/



Kamal Divecha 
Art Unit 2151 
October 16, 2007. 




